CompTIA Security+ (SY0-501) — Question 489

Joe, a contractor, is hired by a firm to perform a penetration test against the firm's infrastructure. When conducting the scan, he receives only the network diagram and the network list to scan against the network.
Which of the following scan types is Joe performing?

Answer options

• A. Authenticated
• B. White box
• C. Automated
• D. Gray box

Correct answer: D

Explanation

Joe is conducting a Gray box scan because he has partial knowledge of the system, as indicated by the network diagram and list. This differs from a White box scan where complete access to the source code and architecture is provided, and an Authenticated scan which requires user credentials. An Automated scan refers to the use of tools without human intervention, which does not apply here.